Bluetooth Hacking - The State of The Art

A roundup and live demonstrations of all currently known Bluetooth vulnerabilities.

This talk will provide an overview of all currently known Bluetooth exploits, as well as live demonstrations, including Bluebugging, Snarfing, Dumping, PIN cracking and Car Whispering.

Since the last trifinite group presentation at 21C3 a lot has happened in the Bluetooth hacking world. New vulnerabilities have come to light, including some that, unlike previous issues, attack the Bluetooth fundamentals themselves, such as pairing and cryptography. In addition to these, other new attacks such as BlueSmack, BlueSnarf++, BlueBump and Car Whisperer have been developed. In the rapidly expanding world of Bluetooth, it seems the opportunities for mischief abound, and this is a target-rich environment for the White and Black Hat hacker alike.

In this talk we will present live demonstrations of tools such as Car Whisperer, which allows an attacker to connect to vehicle car kits and listen in to conversations via the microphone, and/or inject sound into the car speakers... Provide your own useful traffic bulletins! How often have you wanted to reach out and pass your compliments on the excellent manoeuvre the guy in front of you just made? Now you can do all of that and more...

In May 2005, Shaked & Wool published a theoretical attack on the Bluetooth pairing process. In this talk we will show that the theory is a reality, and present the combined techniques of BlueDumping, BlueSpoofing and PIN cracking, leading to the all-new eavesdropping attack dubbed BlueDropping. This is a brand new attack, never seen in public before, and disclosed for the first time at 22C3. Using this technique, it is possible to monitor and record any and all data and/or voice traffic within a Bluetooth piconet.